<?php

/**
 *      [Hero! Cms] (C)2011-2012.
 *
 *      $Id: admincp_member.php 29 2011-08-17 12:15:02Z zyb0807@gmail.com $
 */

if(!defined('IN_HERO') || !defined('IN_ADMINCP')) {
	exit('Access Denied');
}

cpheader();
$usergrouplist = $modulelist = array();
$query = DB::query("SELECT * FROM ".DB::table('common_usergroup')."");
while($group = DB::fetch($query)) {
	$usergrouplist[$group['groupid']] = $group['grouptitle'];
}

$query = DB::query("SELECT * FROM ".DB::table('common_module')." WHERE available='1' ORDER BY displayorder");
while($module = DB::fetch($query)) {
	if($module['type'] != 1) {
		$modulelist[$module['mid']] = $module['name'];
	}
}

$operation = in_array($operation, array('list', 'add', 'edit', 'ban')) ? $operation : 'list';

if($operation == 'list') { // 管理员列表
	
	if(!submitcheck('membersubmit')) {
		shownav('global', 'nav_member');
		showsubmenu('nav_member', array(
			array('member_list', 'member&operation=list', 1),
			array('member_add', 'member&operation=add', 0),
		));
		showformheader('member');
		showtableheader('member_list', 'fixpadding');
		showsubtitle(array('', 'username', 'realname', 'usergroup', 'email', 'regdate', ''));

		$where = !empty($where) ? $where : 1;
		$num = DB::result_first("SELECT COUNT(*) FROM ".DB::table('common_member')." WHERE $where");

		$perpage = max(5, empty($_G['gp_perpage']) ? 50 : intval($_G['gp_perpage']));
		$start_limit = ($page - 1) * $perpage;
		$mpurl = ADMINSCRIPT."?action=member&operation=list";

		$multipage = multi($num, $perpage, $page, $mpurl);

		$query = DB::query("SELECT * FROM ".DB::table('common_member')." WHERE $where ORDER BY uid LIMIT $start_limit, $perpage");
		while($member = DB::fetch($query)) {
			$disable = isfounder($member) ? 'disabled="true"': '';
			showtablerow('', array('', '', '', '', '', '', ''), array(
				"<input class=\"checkbox\" type=\"checkbox\" name=\"delete[]\" value=\"$member[uid]\" $disable>",
				$member['username'],
				$member['realname'],
				$usergrouplist[$member['groupid']],
				$member['email'],
				dgmdate($member['regdate'], 'Y-n-j H:i'),
				"<a href=\"".ADMINSCRIPT."?action=member&operation=edit&uid=$member[uid]\" class=\"act\">$lang[detail]</a>",
			));
		}

		showsubmit('membersubmit', 'submit', 'del', $multipage);
		showtablefooter();
		showformfooter();

	} else {

	}
} elseif($operation == 'add') { // 添加管理员

	if(!submitcheck('addsubmit')) {
		shownav('global', 'nav_member');
		showsubmenu('member_add', array(
			array('member_list', 'member&operation=list', 0),
			array('member_add', 'member&operation=add', 1)
		));
		showformheader('member&operation=add');
		showtableheader();
		showsetting('username', 'usernamenew', '', 'text');
		showsetting('password', 'passwordnew', '', 'text');
		showsetting('realname', 'realnamenew', '', 'text');		
		showsetting('email', 'emailnew', '', 'text');
		showsetting('status', 'statusnew', '', 'radio');
		
		showsubmit('addsubmit');
		showtablefooter();
		showformfooter();
	} else {

		$newusername = trim($_G['gp_usernamenew']);
		$newpassword = trim($_G['gp_passwordnew']);
		$newrealname = trim($_G['gp_realnamenew']);
		$newemail = trim($_G['gp_emailnew']);
		$newstatus = $_G['gp_statusnew'];

		if(!$newusername || !$newpassword || !$newrealname) {
			cpmsg('members_add_invalid', '', 'error');
		}

		if(DB::result_first("SELECT count(*) FROM ".DB::table('common_member')." WHERE username='$newusername'")) {
			cpmsg('members_add_username_duplicate', '', 'error');
		}

		$maxuidarr = DB::fetch_first("SELECT MAX(uid) AS uid FROM ".DB::table('common_member'));
		$maxuid = ++$maxuidarr['uid'];
		$newpassword = md5(md5($newpassword).$maxuid);

		$data = array(
			'uid' => $maxuid,
			'username' => $newusername,
			'password' => $newpassword,
			'email' => $newemail,
			'realname' => $newrealname,
			'status' => $newstatus,
			'adminid' => 0,
			'groupid' => 2,
			'regdate' => $_G['timestamp'],
		);
		DB::insert('common_member', $data);
	}
} elseif($operation == 'edit') { // 编辑管理员

	$_G['gp_uid'] = intval($_G['gp_uid']);
	if(empty($_G['gp_uid']) && empty($_G['gp_username'])) {
		cpmsg('members_edit_nonexistence', '', 'error');
	}

	$member = DB::fetch_first("SELECT * FROM ".DB::table('common_member')." WHERE uid='$_G[gp_uid]'");
	if(!$member) {
		cpmsg('members_edit_nonexistence', '', 'error');
	}

	$uid = $member['uid'];
	$memberstatus = DB::fetch_first("SELECT * FROM ".DB::table('common_member_status')." WHERE uid='$_G[gp_uid]'");
	
	if(!submitcheck('editsubmit')) {
	
		$member['regdate'] = dgmdate($member['regdate'], 'Y-n-j h:i A');
		$member['lastvisit'] = dgmdate($member['lastvisit'], 'Y-n-j h:i A');

		shownav('user', 'member_edit');
		showsubmenu("$lang[member_edit] - $member[username]");
		showformheader("member&operation=edit&uid=$uid");
		showtableheader();
		showsetting('username', '', '', ' '.$member['username']);
		showsetting('password', 'passwordnew', '', 'text');		
		showsetting('realname', 'realnamenew', $member['realname'], 'text');		
		showsetting('email', 'emailnew', $member['email'], 'text');
		showsetting('lastip', 'lastipnew', $memberstatus['lastip'], 'text');
		if(!$admincp->checkfounder($member)) { // 非创始人可以被禁用
			showsetting('status', 'statusnew', $member['status'], 'radio');
		}

		showsubmit('editsubmit');	
		showtablefooter();
		showformfooter();
		
	} else {

		//var_dump($_G);
		//var_dump($member);
		$statusadd = isset($_G['statusnew']) ? ", status='$_G[gp_statusnew]'" : '';
		$password = !empty($_G['gp_passwordnew']) ? md5(md5($_G['gp_passwordnew']).$member['uid']) : '';
		$passwordadd = !empty($password) ? ", password='$password'" : '';
		DB::query("UPDATE ".DB::table('common_member')." SET email='$_G[gp_emailnew]' $statusadd $passwordadd, realname='$_G[gp_realnamenew]' WHERE uid='$member[uid]'");
		cpmsg('members_edit_succeed', 'action=member&operation=edit&uid='.$uid, 'succeed');
		
	}	
}
